From owner-freebsd-questions@freebsd.org  Tue Aug 25 14:28:44 2015
Return-Path: <owner-freebsd-questions@freebsd.org>
Delivered-To: freebsd-questions@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5597C99AC1F
 for <freebsd-questions@mailman.ysv.freebsd.org>;
 Tue, 25 Aug 2015 14:28:44 +0000 (UTC)
 (envelope-from freebsd@edvax.de)
Received: from mx02.qsc.de (mx02.qsc.de [213.148.130.14])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 1CB197C7
 for <freebsd-questions@freebsd.org>; Tue, 25 Aug 2015 14:28:43 +0000 (UTC)
 (envelope-from freebsd@edvax.de)
Received: from r56.edvax.de (port-92-195-38-7.dynamic.qsc.de [92.195.38.7])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mx02.qsc.de (Postfix) with ESMTPS id 39406278CA;
 Tue, 25 Aug 2015 16:28:42 +0200 (CEST)
Received: from r56.edvax.de (localhost [127.0.0.1])
 by r56.edvax.de (8.14.5/8.14.5) with SMTP id t7PESfmF002430;
 Tue, 25 Aug 2015 16:28:41 +0200 (CEST)
 (envelope-from freebsd@edvax.de)
Date: Tue, 25 Aug 2015 16:28:41 +0200
From: Polytropon <freebsd@edvax.de>
To: Jaime Kikpole <jkikpole@cairodurham.org>
Cc: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject: Re: Blocking SSH access based on bad logins?
Message-Id: <20150825162841.b8f840ab.freebsd@edvax.de>
In-Reply-To: <CA+sg5RRppb8-paYnYtL8UMnSfP0ebzUwtM4LLNGayudCwXpyag@mail.gmail.com>
References: <CA+sg5RRppb8-paYnYtL8UMnSfP0ebzUwtM4LLNGayudCwXpyag@mail.gmail.com>
Reply-To: Polytropon <freebsd@edvax.de>
Organization: EDVAX
X-Mailer: Sylpheed 3.1.1 (GTK+ 2.24.5; i386-portbld-freebsd8.2)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Aug 2015 14:28:44 -0000

On Tue, 25 Aug 2015 09:16:16 -0400, Jaime Kikpole wrote:
> I've noticed a number of SSH login attempts for the username "admin"
> on my FreeBSD systems.  None of them have a username of "admin".  So I
> was wondering if there was a way (even via a port) to tell the system,
> "If an IP tries to login as 'admin', block that IP."

I think "fail2ban" is the solution you are searching for.



> I'm already using SSHGuard to block certain obvious attempts to break
> in.  I'm fine with altering its configs or adding/switching to a new
> port.

You'll find "fail2ban" in the FreeBSD ports collection
along with some documentation. It's easy to set up. :-)



-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...